Revision as of 15:46, 23 April 2006

Troubleshooting

Use of quotation marks ("")

Do never use quotation marks in the PowerDNS config files! They are not evaluated and remain part of the parameter value. This leads to hard to find errors, e.g. no objects are returned from the ldap directory.

No reverse zone transfer

Your ldap tree must contain a seperate subtree of PTR records (e.g. for 1.1.10.10.in-addr.arpa) and you can't set "ldap-method" to "strict".

IPv6 reverse lookup doesn't work in strict mode

For automatically generated reverse IPv6 records your AAAARecord entries must follow two restrictions: They have to be fully expanded ("FFFF::1" is not allowed and it must be "FFFF:0:0:0:0:0:0:1" instead) and they must not contain leading zeros, e.g. an entry containing "002a" is incorrect - use "2a" without zeros instead. These restrictions are due to the fact that LDAP AAAA entries are pure text and doesn't allow searching by wildcards.

Bad search filter

The release of PowerDNS 2.9.20 contains a bug in ldap-filter-{axfr,lookup}. A user provided string with ":target:" is replaced with "(associatedDomain=QUERYDATA)" and braces ARE added. So if you create some filter like

ldap-filter-lookup=(&(:target:)(active=yes))

it will result as

ldap-filter-lookup=(&((associatedDomain=QUERYDATA))(active=yes))

which results with bad search filter. To circumvent the bug temporarily you can add instead

ldap-filter-lookup=(&:target:(active=yes))

The bug will be fixed in version 2.9.21 and later versions.

Feel free to add your own tips

Back to Overview